InvalidAuthenticityToken?

Should I be worried about InvalidAuthenticityToken errors? I’m pretty
sure this isn’t someone trying to hack us, but I suspect it may be some
config error on our part.

We have 2 servers, each with multiple mongrels and Apache load-balancing
between them.

On the same lines, should I expect an authenticity token to remain
constant for the life of a session? I’ve analyzed my logs and I am
/definitely/ seeing instances where it looks like the authenticity token
is changing within a session (infrequently, though).

When it does change, it seems to be okay, though, since the response to
the client has the new authenticity token, then the form submit has the
new one and everything is okay.

But I do have cases where the server rejects the authenticity token…
Any ideas why this might be happening or what I can look at to try and
debug?

Thanks,

dwh
